Rancher-ELK logstash collector doesn't receive external logs


I have followed your steps and installed the Rancher-ELK and is working fine. I have also installed the optional docker of logspout which is sending the docker logs to elasticsearch.


However I am unable to send json logs from external applications to the logstash collector. I have exposed the port 5000 on the host server but the container doesn’t expose this port and it doesn’t work. Any help would be appreciated. It only works with the docker logs forwarded by logspout

restart: always
tty: true

  • redis:redis
  • “5000:5000/udp”
  • logstash-collector-config


Hi @Duddu_Pravee, on the compute node you are running the logstash collector on, can you check the IP Tables rules?

sudo iptables -L -t nat

You are looking to make sure that UDP port 5000 is being forwarded to your logstash collector container.

Also, when you open firewall/security group for the port, you will need to make sure it set for UDP and not just the default TCP.

I am also having the same issue. The ELK stuff is logging but any other services on any other host is not logging.

I’ve tried just about everything about would love some help or more documentation on how these catalog services work.


@cloudnautique Finally figured out what it is.

When creating a new service in rancher, make sure under “Advanced” to put none for the console options. It defaults to Interactive & TTY. This prevents docker/rancher/logspout from separating the stdout and stderr.

@denise PLEASE save people this headache and document it somewhere, thanks!

1 Like